[c-nsp] PIX515 don't want to allocate ip address on interface.
Nikolay Pavlov
quetzal at zone3000.net
Fri Aug 4 14:46:15 EDT 2006
On Thursday, 3 August 2006 at 14:10:10 -0700, Michael K. Smith wrote:
> Hello:
>
>
>
> I think a little more information is required. How about:
>
> 1) sho interface ethernet0
> 2) sho interface ethernet1
> 3) sho arp
> 4) What is the syntax for the ping command you are using?
> 5) Have you done the necessary steps to create ssh keys, including adding
> your domain name and then generating the key?
>
> Regards,
>
> Mike
Ok... Here is additional information:
cspix515-fw1-NY# sh interface ethernet 0
Interface Ethernet0 "outside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 0003.e300.0e6c, MTU 1500
IP address unassigned
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
3647 packets input, 220501 bytes, 0 no buffer
Received 3649 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/93)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Traffic Statistics for "outside":
3547 packets input, 164723 bytes
0 packets output, 0 bytes
20 packets dropped
x515-fw1-NY# sh interface ethernet 1
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 0003.e300.0e6d, MTU 1500
IP address unassigned
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
8853 packets input, 531180 bytes, 0 no buffer
Received 8853 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/97)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Traffic Statistics for "inside":
8747 packets input, 402362 bytes
0 packets output, 0 bytes
0 packets dropped
cspix515-fw1-NY# sh arp
empty ...
Don't worry about ssh, I know the procedure...
Here is the "sh ip address" command once again:
cspix515-fw1-NY# sh ip address
System IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet0 outside xx.xx.57.54 255.255.255.192 CONFIG
Ethernet1 inside 192.168.1.1 255.255.255.0 CONFIG
Current IP Addresses:
Interface Name IP address Subnet mask Method
Here all is empty...
To prevent your next questions, guys, here goes my config:
======================================================================
cspix515-fw1-NY# sh run
: Saved
:
PIX Version 7.1(2)
!
hostname cspix515-fw1-NY
domain-name MY.TLD
enable password HIDE encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address xx.xx.57.54 255.255.255.192
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
passwd HIDE encrypted
boot system flash:/pix712.bin
ftp mode passive
clock timezone ET -5
clock summer-time EST recurring
dns domain-lookup outside
dns server-group DefaultDNS
name-server xx.xx.60.10
domain-name MY.TLD
access-list 100 extended permit icmp any any echo
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit tcp any any range ssh telnet
pager lines 24
logging enable
logging timestamp
logging buffer-size 8192
logging buffered debugging
logging trap informational
logging facility 21
logging host outside xx.xx.48.25
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.57.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username quetzal password HIDE encrypted
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
snmp-server host outside xx.xx.48.25 community HIDE
snmp-server host outside xx.xx.51.2 community HIDE
snmp-server host outside xx.xx.60.162 community HIDE
no snmp-server location
no snmp-server contact
snmp-server community HIDE
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet xx.xx.68.98 255.255.255.255 outside
telnet xx.xx.60.162 255.255.255.255 outside
telnet xx.xx.51.2 255.255.255.255 outside
telnet xx.xx.48.25 255.255.255.255 outside
telnet timeout 30
ssh xx.xx.68.98 255.255.255.255 outside
ssh xx.xx.60.162 255.255.255.255 outside
ssh xx.xx.51.2 255.255.255.255 outside
ssh xx.xx.48.25 255.255.255.255 outside
ssh timeout 60
ssh version 2
console timeout 30
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
ntp server xx.xx.48.24
ntp server xx.xx.51.2
ntp server xx.xx.60.162
ntp server xx.xx.60.3
Cryptochecksum:736500678a3372b54716aa00253ce4b1
: end
--
=========================================================================
= Best regards, Nikolay Pavlov. <<<------------------------------------ =
=========================================================================
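
The comparison that the "sh ip address" output above invites, configured (System) addresses against active (Current) ones, written out as an added example that is not part of the original post. The function names are hypothetical, and the sample is the post's own output with the wrapped header line rejoined.

```python
import re

# Sample input: the "sh ip address" output quoted in the post
# (addresses are masked with "xx" in the original).
SAMPLE = """\
System IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet0 outside xx.xx.57.54 255.255.255.192 CONFIG
Ethernet1 inside 192.168.1.1 255.255.255.0 CONFIG
Current IP Addresses:
Interface Name IP address Subnet mask Method
"""

SECTION = re.compile(r"^(System|Current) IP Addresses:\s*$")
# Columns: interface, nameif, address, dotted-quad mask, method.
# Header lines never match because their 4th token is not a mask.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")

def parse_show_ip_address(text):
    """Return {"System": {iface: (addr, mask)}, "Current": {...}}."""
    tables = {"System": {}, "Current": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        row = ROW.match(line)
        if section and row:
            iface, _nameif, addr, mask, _method = row.groups()
            tables[section][iface] = (addr, mask)
    return tables

def inactive_addresses(text):
    """List (iface, configured_addr, current_addr_or_None) for every
    interface whose configured address is absent or different in the
    Current table."""
    tables = parse_show_ip_address(text)
    findings = []
    for iface, configured in sorted(tables["System"].items()):
        current = tables["Current"].get(iface)
        if current != configured:
            findings.append((iface, configured[0], current[0] if current else None))
    return findings

if __name__ == "__main__":
    for iface, want, have in inactive_addresses(SAMPLE):
        print(f"{iface}: configured {want}, current {have or 'none'}")
```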